[PATCH] SSL: let it build against LibreSSL

Piotr Sikora piotr at cloudflare.com
Wed Jul 30 02:15:06 UTC 2014

Hey Maxim,

> As previously suggested, this doesn't looks like a right way to
> go.  If LibreSSL folks continue to insist this is OpenSSL-2.0.0,
> then we'll probably have redefine OPENSSL_VERSION_NUMBER
> ourselves.

Unfortunately, it looks like they've made their mind :( The discussion
on it stopped, they've made 4 releases with that version already and
OpenBSD is in the release mode right now, so I don't expect that
they're going to change it.

Redefining OPENSSL_VERSION_NUMBER doesn't seem like the prettiest
solution, though.

> Same as for BoringSSL patch - I don't think we should add #if's
> here.

See my reply in the BoringSSL thread... I don't think that it makes
sense to keep setting the callback if we know that it doesn't do
anything. Effectively, we're masking the issue and pretending that the
feature works with BoringSSL and LibreSSL, simply because it compiles
(i.e. the thing you were worried about).

Best regards,
Piotr Sikora

More information about the nginx-devel mailing list